When It Comes to Cybersecurity, Scare Tactics Aren't Convincing Americans to Sacrifice Privacy

This week, comments from Democratic Senators, a panel of witnessses, and the director of the National Security Agency (NSA) called on the Senate to enact cybersecurity legislation. But a new poll shows that Americans don't want to sacrifice civil liberties by allowing unfettered data exchanges between corporations and the government. Discussions this week were part of an effort to break the partisan stalemate over the Cybersecurity Act, a bill that would allow Internet companies to monitor the sensitive communications of users and pass that data to the government without any judicial oversight. The Cybersecurity Act would also give companies the right to "modify or block data packets" if they do it with "defensive intent," while offering little in the way of liability for companies that overstep their authority.

In response to ongoing delays in passing the bill, backers of the Cybersecurity Act have been attempting to drum up fears about catastrophic cyberattacks. Yesterday, Senators Sheldon Whitehouse and Richard Blumenthal called on the Senate to enact cybersecurity legislation despite the ongoing civil liberties concerns with the proposed legislation. Speaking to the Senate, Senator Blumenthal warned of doomsday scenarios, saying: "The consequences of a debilitating attack will be catastrophic for our nation."

Speaking in a similar vein earlier this week, Army Gen. Keith Alexander, head of the Pentagon's Cyber Command, gave a speech cautioning against potential terrorist cyberattacks and warned that, "The conflict is growing, the probability for crisis is mounting." In response to civil liberties concerns, Alexander stated: "The reality is we can do protection of civil liberties and privacy and cybersecurity as a nation." This is a particularly ironic statement because Alexander, as director of the NSA, oversees the warrantless surveillance program begun by the Bush Administration which collects en masse the Internet communications and communications records of millions of Americans (like browsing habits, emails, and chats).

And in a hearing yesterday morning before the Senate Homeland Security and Governmental Affairs Committee, witnesses who testified (which included no representatives from the civil liberties community1) urged passage of a cybersecurity bill. RAND Corporation's Brian Michael Jenkins said that it was more important to "get these things moving" than to find "the absolute perfect legislation."

We couldn't disagree more. While the perfect should never be the enemy of the good, cybersecurity legislation enacted in haste today could undermine the civil liberties of Internet users generations from now. Congress must take time to ensure all legislation it passes won't undermine fundamental online rights. None of the current cybersecurity proposals come close to fitting that criteria.

There was one bright moment in the hearing yesterday. In his written testimony (PDF), Dr. Stephen Flynn of Northeastern University called on the government to "resist the secrecy reflex" when it comes to security issues, adding:

[S]trict rules that preclude the sharing of homeland security information with unvetted individuals too often translates into leaving essential expertise on the sidelines. Even when security information is shared with vetted company security officers, they are precluded from passing along the details to their bosses who do not hold active security clearances. As a result, investment and operational decisions are often made with scant attention paid to the potential security stakes. The federal government should make a concerted effort to increase transparency with the broader public as well.

This week also saw the publication of a new survey that shows that the majority of Americans don't want to sacrifice their online privacy in the name of cybersecurity. A United Technologies/National Journal Congressional Connection Poll found that 63% of those polled believed government and businesses should not be allowed to share information because it would hurt privacy and civil liberties.

In fact, the United Technologies/National Journal poll found that Americans were concerned about cybersecurity—67% of those surveyed were worried about the country's computer networks—but that didn't translate into support for proposals that could undermine online privacy rights. This matches with EFF's own stance. EFF has long advocated for better computer security through projects like our free HTTPS Everywhere browser add-on, our security audit of open source software, and our ongoing coverage of Syrian state-sponsored malware. But while we understand and appreciate security issues, we don't believe that safeguarding networked devices necessitates eviscerating all existing privacy law. Any cybersecurity proposal that gives the government free rein to snoop through our private communications without a warrant is the wrong solution.

The United Technologies/National Journal poll also reflected the party-line disagreements that have helped stall progress on cybersecurity legislation. While Democratic respondents were divided on the role of government regulation in cybersecurity issues, a large majority of Republicans and independent responders to the poll opposed government standards.

Unfortunately, our elected officials are doing little to assuage the concerns of Americans who cherish their online civil liberties. Senate Majority Leader Harry Reid has threatened to bring the issue to the floor for a vote before the end of July, leaving concerned citizens only a few weeks to speak out against the major privacy implications of this sweeping legislation. EFF is asking individuals to email Congress through our online form or call your Senator to urge them to oppose cybersecurity legislation that sacrifices online privacy.

Related Updates

Hiperderecho, the leading digital rights organization in Peru, in collaboration with the Electronic Frontier Foundation, today launched its second ¿Quien Defiende Tus Datos? (Who Defends Your Data?), an evaluation of the privacy practices of the Internet Service Providers (ISPs) that millions of Peruvians use every day. This year's...

The California Consumer Privacy Act (CCPA) requires the California Attorney General to take input from the public on regulations to implement the law, which does not go into effect until 2020. The Electronic Frontier Foundation has filed comments on two issues: first, how to verify consumer requests to companies for...

Ever since the Cambridge Analytica scandal last summer, consumer data privacy has been a hot topic in Congress. The witness table has been dominated by the biggest platforms, with those in lockstep with the tech giants earning the vast majority of attention. However, this week marked the first time that...

We urged the Florida Supreme Court yesterday to review a closely-watched lawsuit to clarify the due process rights of defendants identified by facial recognition algorithms used by law enforcement. Specifically, we told the court that when facial recognition is secretly used on people later charged with a crime, those...

In his latest announcement, Facebook CEO Mark Zuckerberg embraces privacy and security fundamentals like end-to-end encrypted messaging. But announcing a plan is one thing. Implementing it is entirely another. And for those reading between the lines of Zuckerberg’s pivot-to-privacy manifesto, it’s clear that this isn’t just about privacy. It’s...

In back-to-back hearings last week, the House and the Senate discussed what, if anything, Congress should do about online privacy. Sounds fine—until you see who they invited. Congress should be seeking out multiple, diverse perspectives. But last week, both chambers largely invited industry advocates, eager to...

San Francisco - Technology is supposed to make our lives better, yet many big companies have products with big security and privacy holes that disrespect user control and put us all at risk. The Electronic Frontier Foundation (EFF) is launching a new project called “Fix It Already!” demanding repair...

Today we are announcing Fix It Already, a new way to show companies we're serious about the big security and privacy issues they need to fix. We are demanding fixes for different issues from nine tech companies and platforms, targeting social media companies, operating systems, and enterprise platforms on...

Update, 2:35 p.m.: The coalition of groups behind Privacy for All has grown since time of publishing. This update reflects the latest count. Privacy is a right. It is past time for California to ensure that the companies using secretive practices to make money off of our personal information treat...